59 / 127
Feb 19

I found an easy way to access remotely without VPN or opening a port. I'm using the VNC Connect that is now included since PIXEL. Works for me and most non tech people will be able to set this up. Interested to see what people have to say about this...

@domingy @damon.dinsmore

Chrome Remote Desktop and VNC are both great options but operate differently from a VPN connection.
Those apps allow you to remotely control a device on your home network as if you were sitting in front of it. They essentially give you a video stream of your display and provide mouse and keyboard control.

A vpn works very differently by essentially giving you remote access to your home network. The device you are using to establish the vpn connection will act as if if was directly connected to your router. One of the biggest benefits, in my opinion, of a VPN over a Remote Desktop solution is with mobile devices like your phone. I'll use the Hubitat web interface as an easy example.

Remote Desktop:

  • establish remote control of your desktop pc at home
  • you would now have to navigate your pc desktop using your phone.
    While this is helpful in a crunch, it is far from ideal and would require quite a bit of screen scrolling.

VPN:

  • establish a vpn connection to your home network
  • you can now use any browser installed on your phone and it will bring up the mobile web interface to easily configure your hub.

Another benefit for me is the ability to access my indoor webcams. I do not expose these cameras to the internet for reasons you might guess. With a vpn, I can easliy view my "local only" webcams while I'm away from home. No need to forward ports and use a cloud service. I just works.

Both are great options, and I'm sure others will chime in with why they prefer one over the other, but ultimately the decision on what works for you will be subjective. Needless to say, I prefer the vpn option.

Actually I can use my Remote Desktop from my phone OR another desktop and as you can clearly see from the picture I posted there is no scrolling whatsoever. You are confined on the size to view your desktop but with my windows 7 PC it isn’t a big deal at all. It took little to no effort for me to set up and it gets me in when I need to get in.

I was referring specifically to controlling your desktop via a phone.

Please don't take my post as a "my solution is better than yours" type post. I was trying to define the differences between the 2 approaches for others that might be trying to decide on how to remotely access their HE hubs. I have used quite a few Remote Desktop applications over the years and think they are a great solution. Once I started using VPN, I realized it was the best solution for me and my needs.

Don’t flatter yourself I could care less about who’s is better I was clearing up the fact that whether your using Remote Desktop on mobile or pc there is no scrolling problems. I was simply correcting your false statement.

I have to scroll on my, now tiny by today's standards, phone if I use Team Viewer...

Ok...I was unaware that mobile phones were now able to capture a high resolution desktops in a way that did not require "zoom and scroll". I stand corrected.

Me too... Which is why I use VPN instead of RDP/teamviewer/chrome remote desktop... 4K desktop... 2K phone screen.... Either way even if I size to fit, everything is WAY too small for me to see the desktop without zooming/scrolling.

Yup, would 100% prefer that over RDP.
I have to figure out why OpenVPN only lets me SSH to my PI and not anything else on my network.

To each their own I don’t need any rasberry’s, strawberries, or watermelons hahaha I just log in and get what I need done! It’s not like I’m performing surgery I just need it to check a rule or make a quick change when I’m away from home.

You're not allowing it :smiley:

OpenVPN (default) uses NAT... typically issuing 172.16 addresses to "visitors'.

There's an option to allow users to "see" the local network, which I think is off, by default.

I'll visit my config in a few and see if there's a useful screen cap.

OpenVPN is built into my internet security UTM (Untangle), so only took me about 10s to setup. Ok maybe 3m including time to copy the OpenVPN config to my phone. :smile:

But I agree - each to their own. Whatever works for you in a way you can live with is the right answer for you. :+1:

The nice thing also about VPN access is on my phone I can run apps as if I connected directly to my LAN. Or access HE right in my Chrome browser on the phone or any other device's web portal for that matter. If you want total control over your devices through a secure connection its the way to go.

11 days later

So if I'm out somewhere and I wanna turn on a light or change my temperature on my Thermostat or even disarm my alarm, I need to do that with a VPN?

Yes, or insecure your network opening a port to access the hub, not recommended

Or use a dashboard

No. You can create a dashboard that is accessible via the cloud.

Edit: except thermostat controls aren’t currently supported on dashboards, I believe (I don’t have a smart thermostat).

No, you would use a Hubitat Dashboard to handle those tasks.

Also, a new, updated version of Hubitat Dashboard is in the works which should address many of the current shortcomings, like lack of a dedicated thermostat tile.

13 days later

My recipe for exposing the Hubitat admin interface on the internet uses Dataplicity, a Raspberry Pi, and the Nginx web server acting as a proxy. This scheme has the advantage (or the security risk, depending on who you ask) that the admin interface is accessible like a normal web site on the internet without requiring a vpn client.

Here is the recipe:

  1. Connect a Raspberry Pi (or comparable linux machine) to the same local network that the Hubitat is connected to.
  2. On the Raspberry Pi, install Dataplicity (run the python bootstrapping installer from the url provided on the Dataplicity setup page).
  3. On the Raspberry Pi, install Nginx (sudo apt-get install nginx).
    [*]Enable the Dataplicity wormhole mode (this is done on the Dataplicity device page).
  4. Modify the nginx config file (/etc/nginx/sites-enabled/default) to look like this:

server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
#=====================================================================================
#| the below configuration assumes that the hubitat hub's web interface is reachable
#| on the local network at "http(s)://hubitat" . You're configuration might vary.
#| For instance, if you have configured your hubitat hub to have a static ip address
#| and are not relying on dns, then you could replace "hubitat" below with the ip
#| address of your hubitat hub.
#=====================================================================================
proxy_pass http://hubitat:80;
proxy_redirect default;
proxy_redirect http://hubitat/ /;
proxy_redirect https://hubitat/ /;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

Once this is done, the Hubitat's admin interface should be accessible on the web at the wormhole URL provided by Dataplicity.

3 months later

Is there an easy way with detailed steps for non-experts to use a vpn for accesing the hub from the internet? I see some suggestions but no firm steps. Sorry I am new at hubitat just rcvd my hub some days ago and discovering everything about it and just found that I have to create rules connected to the hub locally but normally I want to create my automations at any time when I have free time including when I am not at home

The answers vary according to what you have that will respond to a VPN.

Your home router may support a VPN product, perhaps even OpenVPN. In many ways that's ideal because it's probably well documented.

If not though, take a look at openVPN to see if you do have something it can run on... a device that's always on. Raspberry PI's are often used, but they can be underpowered once you discover all you can do. Trying to run multiple video streams from you house full of cams would be taxing.

Once we know what YOU have, we might be in a better position to advise.

I do not have a raspberry but I have an android samsung s3 phone that is always powered on and at home. Can this be used?
How to know if my router supports VPN?

It is a Tenda model N150, it was a cheap one, not sure if would support VPN

It doesn't support OpenVPN natively. I'd recommend getting an RPi3 (or some other SBC) and running OpenVPNd on it. There are openvpn clients available for just about every platform you can think of.

sorry if I make stupid questions but I am totally new on this things. Can this be ran in a Samsung S3 mobile (that I have on hand) instead of a RPi3?

@JasonJoel answered this. So I'm linking to a simple way 15 to get an openvpn server running. All the instructions you need are either on that page or linked to on that site.

I use port forwarding on my router (ASUS) and a VERY strong username/password for my Hubitat local access. That way I have access to the device through Internet as if I were on the same local network.

Works great.

It's perfectly safe...

You know, unless there is any exploitable bug in the underlying web server on the hub, someone brute forces the account, someone thinks it's fun to DoS the web server just because they can see it, etc.

Oh wait... Maybe you are right. :wink:

26 days later

Can you guide me on how to do port forwarding? I am new to all those things and I saw this is needed in the last steps on the simple form to create a von that aaiyar suggested

Quote